[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 8 20:41:14 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4817252 by Salvatore Bonaccorso at 2026-05-08T21:40:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-8178 (An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2 ...)
 	NOT-FOR-US: Amazon
 CVE-2026-8153 (OS command injection in Dashboard Server interface in Universal Robots ...)
-	TODO: check
+	NOT-FOR-US: Universal Robots
 CVE-2026-8077 (Lack of proper authorization implementation in the CashDro 3 web admin ...)
-	TODO: check
+	NOT-FOR-US: CashDro
 CVE-2026-8076 (Weak credentials in the CashDro 3 web administration panel, version 24 ...)
-	TODO: check
+	NOT-FOR-US: CashDro
 CVE-2026-7864 (SEPPmail Secure Email Gateway before version 15.0.4 exposes server env ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-7650 (The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for WordPress is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7475 (The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -15,7 +15,7 @@ CVE-2026-7475 (The Sky Addons plugin for WordPress is vulnerable to Stored Cross
 CVE-2026-7330 (The Auto Affiliate Links plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6213 (A vulnerability in Remote SparkSparkView beforebuild 1122 allows an at ...)
-	TODO: check
+	NOT-FOR-US: Remove Spark
 CVE-2026-5341 (The NMR Strava activities plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5127 (The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...)
@@ -52,45 +52,45 @@ CVE-2026-44335 (PraisonAI is a multi-agent teams system. Prior to version 1.6.32
 CVE-2026-44334 (PraisonAI is a multi-agent teams system. From version 4.5.139 to befor ...)
 	NOT-FOR-US: PraisonAI
 CVE-2026-44129 (SEPPmail Secure Email Gateway before version 15.0.4 contains a server- ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-44128 (SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthent ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-44127 (SEPPmail Secure Email Gateway before version 15.0.4 contains an unauth ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-44126 (SEPPmail Secure Email Gateway before version 15.0.4 insecurely deseria ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-44125 (SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce a ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail Secure Email Gateway
 CVE-2026-43967 (Inefficient Algorithmic Complexity vulnerability in absinthe-graphql a ...)
-	TODO: check
+	NOT-FOR-US: absinthe-graphql absinthe
 CVE-2026-42794 (Improper Neutralization of Input During Web Page Generation (XSS) vuln ...)
-	TODO: check
+	NOT-FOR-US: absinthe-graphql absinthe_plug
 CVE-2026-42793 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: absinthe-graphql absinthe
 CVE-2026-42353 (i18next-http-middleware is a middleware to be used with Node.js web fr ...)
-	TODO: check
+	NOT-FOR-US: i18next-http-middleware
 CVE-2026-42072 (Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC wit ...)
-	TODO: check
+	NOT-FOR-US: Nornicdb
 CVE-2026-42030 (MapServer is a system for developing web-based GIS applications. From  ...)
 	TODO: check
 CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a path tra ...)
-	TODO: check
+	NOT-FOR-US: novaGallery
 CVE-2026-41889 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...)
 	TODO: check
 CVE-2026-41887 (Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Flarum
 CVE-2026-41886 (locize is a localization platform that connects code and i18n setup. P ...)
 	TODO: check
 CVE-2026-41885 (i18next-locize-backend is a simple i18next backend for locize.com whic ...)
-	TODO: check
+	NOT-FOR-US: i18next-locize-backend
 CVE-2026-41883 (OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2. ...)
-	TODO: check
+	NOT-FOR-US: OmniFaces
 CVE-2026-41693 (i18next-fs-backend is a backend layer for i18next using in Node.js and ...)
-	TODO: check
+	NOT-FOR-US: i18next-fs-backend
 CVE-2026-41690 (18next-http-middleware is a middleware to be used with Node.js web fra ...)
-	TODO: check
+	NOT-FOR-US: i18next-http-middleware
 CVE-2026-41683 (i18next-http-middleware is a middleware to be used with Node.js web fr ...)
-	TODO: check
+	NOT-FOR-US: i18next-http-middleware
 CVE-2026-41591 (Marko is a declarative, HTML-based language for building web apps. Pri ...)
 	TODO: check
 CVE-2026-41588 (RELATE is a web-based courseware package. Prior to commit 2f68e16, the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c481725250819627de1caa9c80878f993a313f44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c481725250819627de1caa9c80878f993a313f44
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260508/a5646168/attachment.htm>

More information about the debian-security-tracker-commits mailing list